package com.zzz.springsecuritystudy.security;

import com.zzz.springsecuritystudy.entity.ResponseResult;
import com.zzz.springsecuritystudy.util.ResponseUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * 登录后，访问缺失权限的资源会调用。
 *
 * @date 2021/9/15
 */
@Component
@Slf4j
public class RestAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException {
        log.info(e.getMessage());
        //当用户在没有授权的情况下访问受保护的REST资源时，将调用此方法发送403 Forbidden响应
        ResponseUtils.print(response,new ResponseResult(HttpServletResponse.SC_FORBIDDEN,e.getMessage(),null));
    }

}
